Rename method to IsChallengeEnabled

Mariano Cano 2022-09-08 13:22:35 -07:00
parent c77b4ff9c5
commit fd4e96d1f4
5 changed files with 33 additions and 34 deletions


@ -41,8 +41,8 @@ func (*fakeProvisioner) AuthorizeSign(ctx context.Context, token string) ([]prov
return nil, nil return nil, nil
} }
func (*fakeProvisioner) AuthorizeChallenge(ctx context.Context, challenge provisioner.ACMEChallenge) error { func (*fakeProvisioner) IsChallengeEnabled(ctx context.Context, challenge provisioner.ACMEChallenge) bool {
return nil return true
} }
func (*fakeProvisioner) AuthorizeRevoke(ctx context.Context, token string) error { return nil } func (*fakeProvisioner) AuthorizeRevoke(ctx context.Context, token string) error { return nil }


@ -258,8 +258,7 @@ func newAuthorization(ctx context.Context, az *acme.Authorization) error {
prov := acme.MustProvisionerFromContext(ctx) prov := acme.MustProvisionerFromContext(ctx)
az.Challenges = make([]*acme.Challenge, 0, len(chTypes)) az.Challenges = make([]*acme.Challenge, 0, len(chTypes))
for _, typ := range chTypes { for _, typ := range chTypes {
// Make sure the challenge is enabled if !prov.IsChallengeEnabled(ctx, provisioner.ACMEChallenge(typ)) {
if err := prov.AuthorizeChallenge(ctx, provisioner.ACMEChallenge(typ)); err != nil {
continue continue
} }
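Review bot: If every type in `chTypes` is disabled on the provisioner, the loop skips them all and `az.Challenges` stays empty; nothing in the visible lines rejects that case. An authorization with no challenges can never be validated, so the client would only learn of the misconfiguration later, with no reason given. I would add a check after the loop, `if len(az.Challenges) == 0 { return errors.New("no enabled challenge types for identifier") }`, using whichever error constructor the package normally returns. The rest of `newAuthorization` lies outside the hunk and may already handle this, so treat the point as something to confirm.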


@ -71,7 +71,7 @@ type Provisioner interface {
AuthorizeOrderIdentifier(ctx context.Context, identifier provisioner.ACMEIdentifier) error AuthorizeOrderIdentifier(ctx context.Context, identifier provisioner.ACMEIdentifier) error
AuthorizeSign(ctx context.Context, token string) ([]provisioner.SignOption, error) AuthorizeSign(ctx context.Context, token string) ([]provisioner.SignOption, error)
AuthorizeRevoke(ctx context.Context, token string) error AuthorizeRevoke(ctx context.Context, token string) error
AuthorizeChallenge(ctx context.Context, challenge provisioner.ACMEChallenge) error IsChallengeEnabled(ctx context.Context, challenge provisioner.ACMEChallenge) bool
GetID() string GetID() string
GetName() string GetName() string
DefaultTLSCertDuration() time.Duration DefaultTLSCertDuration() time.Duration
@ -110,7 +110,7 @@ type MockProvisioner struct {
MauthorizeOrderIdentifier func(ctx context.Context, identifier provisioner.ACMEIdentifier) error MauthorizeOrderIdentifier func(ctx context.Context, identifier provisioner.ACMEIdentifier) error
MauthorizeSign func(ctx context.Context, ott string) ([]provisioner.SignOption, error) MauthorizeSign func(ctx context.Context, ott string) ([]provisioner.SignOption, error)
MauthorizeRevoke func(ctx context.Context, token string) error MauthorizeRevoke func(ctx context.Context, token string) error
MauthorizeChallenge func(Ctx context.Context, challenge provisioner.ACMEChallenge) error MisChallengeEnabled func(Ctx context.Context, challenge provisioner.ACMEChallenge) bool
MdefaultTLSCertDuration func() time.Duration MdefaultTLSCertDuration func() time.Duration
MgetOptions func() *provisioner.Options MgetOptions func() *provisioner.Options
} }
@ -148,11 +148,11 @@ func (m *MockProvisioner) AuthorizeRevoke(ctx context.Context, token string) err
} }
// AuthorizeChallenge mock // AuthorizeChallenge mock
func (m *MockProvisioner) AuthorizeChallenge(ctx context.Context, challenge provisioner.ACMEChallenge) error { func (m *MockProvisioner) IsChallengeEnabled(ctx context.Context, challenge provisioner.ACMEChallenge) bool {
if m.MauthorizeChallenge != nil { if m.MisChallengeEnabled != nil {
return m.MauthorizeChallenge(ctx, challenge) return m.MisChallengeEnabled(ctx, challenge)
} }
return m.Merr return m.Merr == nil
} }
// DefaultTLSCertDuration mock // DefaultTLSCertDuration mock
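Review bot: The doc comment above the renamed mock method still reads `// AuthorizeChallenge mock`; it should become `// IsChallengeEnabled mock` so the comment matches the method it documents. The fallback `return m.Merr == nil` means a test that sets `Merr` to make some other call fail now also reports every challenge as disabled. A why-comment on that line, such as `// no hook set: enabled unless the mock is configured to fail`, would make the coupling visible. The `MisChallengeEnabled` field also keeps the capitalised `Ctx` parameter name, which could be lower-cased to match the neighbouring fields.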


@ -205,10 +205,10 @@ func (p *ACME) AuthorizeRenew(ctx context.Context, cert *x509.Certificate) error
return p.ctl.AuthorizeRenew(ctx, cert) return p.ctl.AuthorizeRenew(ctx, cert)
} }
// AuthorizeChallenge checks if the given challenge is enabled. By default // IsChallengeEnabled checks if the given challenge is enabled. By default
// http-01, dns-01 and tls-alpn-01 are enabled, to disable any of them the // http-01, dns-01 and tls-alpn-01 are enabled, to disable any of them the
// Challenge provisioner property should have at least one element. // Challenge provisioner property should have at least one element.
func (p *ACME) AuthorizeChallenge(ctx context.Context, challenge ACMEChallenge) error { func (p *ACME) IsChallengeEnabled(ctx context.Context, challenge ACMEChallenge) bool {
enabledChallenges := []ACMEChallenge{ enabledChallenges := []ACMEChallenge{
HTTP_01, DNS_01, TLS_ALPN_01, HTTP_01, DNS_01, TLS_ALPN_01,
} }
@ -217,8 +217,8 @@ func (p *ACME) AuthorizeChallenge(ctx context.Context, challenge ACMEChallenge)
} }
for _, ch := range enabledChallenges { for _, ch := range enabledChallenges {
if strings.EqualFold(string(ch), string(challenge)) { if strings.EqualFold(string(ch), string(challenge)) {
return nil return true
} }
} }
return fmt.Errorf("acme challenge %q is disabled", challenge) return false
} }
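Review bot: The doc comment on `IsChallengeEnabled` does not say that the function fails closed: any challenge outside the effective list returns false, including `device-attest-01` when the list is left at its default. It also names the property `Challenge`, while the tests populate a field called `Challenges`. I would reword it along the lines of `// IsChallengeEnabled reports whether the given challenge is enabled. With an empty Challenges list only http-01, dns-01 and tls-alpn-01 are enabled; device-attest-01 must be listed explicitly.` With the bool return the former `acme challenge %q is disabled` text is gone, so a caller that wants to log why a challenge was skipped now has to build that message itself. The lines between the two hunks are not shown, so how a non-empty list replaces the defaults is inferred from the test table.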


@ -242,7 +242,7 @@ func TestACME_AuthorizeSign(t *testing.T) {
} }
} }
func TestACME_AuthorizeChallenge(t *testing.T) { func TestACME_IsChallengeEnabled(t *testing.T) {
ctx := context.Background() ctx := context.Background()
type fields struct { type fields struct {
Challenges []ACMEChallenge Challenges []ACMEChallenge
@ -252,32 +252,32 @@ func TestACME_AuthorizeChallenge(t *testing.T) {
challenge ACMEChallenge challenge ACMEChallenge
} }
tests := []struct { tests := []struct {
name string name string
fields fields fields fields
args args args args
wantErr bool want bool
}{ }{
{"ok http-01", fields{nil}, args{ctx, HTTP_01}, false}, {"ok http-01", fields{nil}, args{ctx, HTTP_01}, true},
{"ok dns-01", fields{nil}, args{ctx, DNS_01}, false}, {"ok dns-01", fields{nil}, args{ctx, DNS_01}, true},
{"ok tls-alpn-01", fields{[]ACMEChallenge{}}, args{ctx, TLS_ALPN_01}, false}, {"ok tls-alpn-01", fields{[]ACMEChallenge{}}, args{ctx, TLS_ALPN_01}, true},
{"fail device-attest-01", fields{[]ACMEChallenge{}}, args{ctx, "device-attest-01"}, true}, {"fail device-attest-01", fields{[]ACMEChallenge{}}, args{ctx, "device-attest-01"}, false},
{"ok http-01 enabled", fields{[]ACMEChallenge{"http-01"}}, args{ctx, "HTTP-01"}, false}, {"ok http-01 enabled", fields{[]ACMEChallenge{"http-01"}}, args{ctx, "HTTP-01"}, true},
{"ok dns-01 enabled", fields{[]ACMEChallenge{"http-01", "dns-01"}}, args{ctx, DNS_01}, false}, {"ok dns-01 enabled", fields{[]ACMEChallenge{"http-01", "dns-01"}}, args{ctx, DNS_01}, true},
{"ok tls-alpn-01 enabled", fields{[]ACMEChallenge{"http-01", "dns-01", "tls-alpn-01"}}, args{ctx, TLS_ALPN_01}, false}, {"ok tls-alpn-01 enabled", fields{[]ACMEChallenge{"http-01", "dns-01", "tls-alpn-01"}}, args{ctx, TLS_ALPN_01}, true},
{"ok device-attest-01 enabled", fields{[]ACMEChallenge{"device-attest-01", "dns-01"}}, args{ctx, DEVICE_ATTEST_01}, false}, {"ok device-attest-01 enabled", fields{[]ACMEChallenge{"device-attest-01", "dns-01"}}, args{ctx, DEVICE_ATTEST_01}, true},
{"fail http-01", fields{[]ACMEChallenge{"dns-01"}}, args{ctx, "http-01"}, true}, {"fail http-01", fields{[]ACMEChallenge{"dns-01"}}, args{ctx, "http-01"}, false},
{"fail dns-01", fields{[]ACMEChallenge{"http-01", "tls-alpn-01"}}, args{ctx, "dns-01"}, true}, {"fail dns-01", fields{[]ACMEChallenge{"http-01", "tls-alpn-01"}}, args{ctx, "dns-01"}, false},
{"fail tls-alpn-01", fields{[]ACMEChallenge{"http-01", "dns-01", "device-attest-01"}}, args{ctx, "tls-alpn-01"}, true}, {"fail tls-alpn-01", fields{[]ACMEChallenge{"http-01", "dns-01", "device-attest-01"}}, args{ctx, "tls-alpn-01"}, false},
{"fail device-attest-01", fields{[]ACMEChallenge{"http-01", "dns-01"}}, args{ctx, "device-attest-01"}, true}, {"fail device-attest-01", fields{[]ACMEChallenge{"http-01", "dns-01"}}, args{ctx, "device-attest-01"}, false},
{"fail unknown", fields{[]ACMEChallenge{"http-01", "dns-01", "tls-alpn-01", "device-attest-01"}}, args{ctx, "unknown"}, true}, {"fail unknown", fields{[]ACMEChallenge{"http-01", "dns-01", "tls-alpn-01", "device-attest-01"}}, args{ctx, "unknown"}, false},
} }
for _, tt := range tests { for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) { t.Run(tt.name, func(t *testing.T) {
p := &ACME{ p := &ACME{
Challenges: tt.fields.Challenges, Challenges: tt.fields.Challenges,
} }
if err := p.AuthorizeChallenge(tt.args.ctx, tt.args.challenge); (err != nil) != tt.wantErr { if got := p.IsChallengeEnabled(tt.args.ctx, tt.args.challenge); got != tt.want {
t.Errorf("ACME.AuthorizeChallenge() error = %v, wantErr %v", err, tt.wantErr) t.Errorf("ACME.AuthorizeChallenge() = %v, want %v", got, tt.want)
} }
}) })
} }
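Review bot: The failure message on the new side still names the old method, `t.Errorf("ACME.AuthorizeChallenge() = %v, want %v", got, tt.want)`. It should read `t.Errorf("ACME.IsChallengeEnabled() = %v, want %v", got, tt.want)` so a failing run points at the right function. Two table entries share the name `fail device-attest-01`, so `t.Run` will distinguish the second only by a numeric suffix. Naming them `fail device-attest-01 default` and `fail device-attest-01 not listed` would make the disabled-by-default case for device attestation easier to find in the output. The test function's closing brace lies outside the hunk.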